Qemu with emulated TPM

Hello,

I have Searched the forum for my issue and found nothing related or helpful
I have checked the Resources category
I have reviewed the Wiki for relevant information
I have read the the Release Notes and Errata

OpenMandriva Lx release 26.02 (ROME) Rolling for x86_64
GNOME 49.3

Description of the issue (screenshots if relevant):
I am in the process of switching to Openmandriva from Ubuntu. On my Ubuntu install I had Qemu/Virtmanager installed, and a Windows 11 virtual machine using swtpm. I was able to get qemu and virtmanager installed with help from the Resources index, but was not able to install swtpm or swtpm-tools:

sudo dnf install swtpm swtpm-tools
Updating and loading repositories:
Repositories loaded.
Failed to resolve the transaction:
No match for argument: swtpm
No match for argument: swtpm-tools
You can try to add to command line:
–skip-unavailable to skip unavailable packages

If I attempt to start the VM, I get “unsupported configuration”. I attempted to change the TPM to passthrough (device /dev/tpm0) and I get "Unable to find ‘efi’ firmware. After reading the Qemu documentation, it seems that passthrough is not a good idea anyhow as the host OM system is probably using it anyhow; also VM migration would be disabled if the VM were using passthrough.

Is there any chance that swtpm / swtpm-tools will be added to the repositories, or are there any guides to building / installing it from the git repo?

Relevant informations (hardware involved, software version, logs or output…):

Hi @gbfrost

at the moment it looks like you’re going to have to:
a) Compile & Install
b) Use the Win11 registry hack (if you can)

That does look like something we may need to add

Diving deeper into the repos, there is a package: lib64tss2-tcti-swtpm

do a dnf search swtpm and you should find it. Try installing that.

@gbfrost

lib64tss2-* are all pretty old (2023). The package may or not work, maybe worth of a rebuild or update?

I’m not even sure if that’s the one needed here. Hopefully later today I’ll get a chance to actually test it.

Well, the last release version of swtpm was in 2024

So we likely will have to.

And if that library doesn’t do it, file packaging requests for swtpm, libtpms, and seabios-tpm

• swtpm
• libtmps
• seabios-tpm

I installed lib64tss2-tcti-swtpm and rebooted. Attempting to start the VM resulted in the same “unsupported configuration”, so I think you are correct, I don’t think it is the correct one.

I’m new here, so can you point me to where I would file a packaging request?

Thanks for your help!

best way to do that would be to take the list I’ve got above and put the request over on our github issue tracker:

Sounds good. I’ll do it tomorrow.

Thanks!

Packaging requests 3460 (swtpm), 3461 (libtpms) submitted

seabios-tpm didn’t have a current release link, hasn’t been updated since 2015. I don’t think it is necessary for TMP emulation in Qemu either, so I didn’t submit a package request for that.

Seabios-tpm is definitely a niche case tool. You would only use it if you needed to add tpm support to a non-uefi operating system

Or wanted to add an option for “legacy support”.

Fwiw, seabios is actually the default bios for kvm/qemu/virt-manager

Since Win11 is the only OS I can think of that requires a TPM I never even noticed the lack. I don’t think Qubes even requires one.

Oh and on Rome, remember to install the spice drivers:

Have fun

Yes, Windows 11 is wonderful for that (stupid) requirement . That was the whole purpose behind why I created the VM: I had an old windows machine that could not upgrade due to TPM 2.0 requirement, and I needed a way to run some windows-only software on 11. Rather than buy a new machine, I was able to install it in a VM with TPM emulation. I still have to use it occasionally to run stuff like TurboTax.

I installed the spice drivers, so I think I am ready for whenever the TPM packages become available. I may try to build them myself if it takes awhile, but I will defer to the packages if they become available before I absolutely have to run the win11 vm.